SnifferDevice following sniffer, which follows a specific nRF24 device as it hops, and prints out decoded Enhanced Shockburst packets from the device. This version has also been modified to log the packets to a log file

Network mapperStar network mapper, which attempts to discover the active addresses in a star network by changing the last byte in the given address, and pinging each of 256 possible addresses on each channel in the channel list.

Continuous tone testThe nRF24LU1+ chips include a test mechanism to transmit a continuous tone, the frequency of which can be verified if you have access to an SDR. There is the potential for frequency offsets between devices to cause unexpected behavior. For instance, one of the SparkFun breakout boards that was tested had a frequency offset of ~300kHz, which caused it to receive packets on two adjacent channels.This script will cause the transceiver to transmit a tone on the first channel that is passed in.

Packet generator scriptThis uses a dictionary to map keyboard presses to the equivalent packets. It reads stdin input and logs the mapped packets to logs/keystrokes.log. It will accept input until Ctrl+C is pressed.

usage: ./keymapper.py

Log filesThe folder logs contains various pre-saved packets for various keyboard operations.Shell.log is for exploitation of a Windows machine by running a powershell one-liner which connects back to the attacker machine.The file keys.log serves as a reference where various key presses and combinations are mapped to their equivalent packets.DemoA demo of exploiting a Windows machine: